Re: [rt-users] (RT::Authen::ExternalAuth) "email exists" problem authenticating trough AD

2013-09-02 Thread Nathan Cutler
Hi

> Is it possible that parameter $RTAddressRegexp interferes with
> RT::Authen::ExternalAuth ?

I doubt it.

> On Active directory side no error, only successes logs.

Are you saying that a user attempts to log in, you see successful LDAP
bind on the LDAP server, and RT login fails? If so, please send us the
relevant debug-level RT log excerpt. Also the LDAP server log excerpt
if possible.

> Do you know about any other debug options I could use ?

I did notice that, after upgrading to RT 4.0.17 and ExternalAuth 0.12,
I get much more detailed debug-level log messages for ExternalAuth.

Hope this helps.

Nathan


[rt-users] How to list all enabled users in Perl script?

2013-09-02 Thread Nathan Cutler
Greetings:

RT 4.0.17.  In the web UI, when I list all enabled users by selecting
'%' I get a list of about 152 users (approximately). Now, I have
written a Perl script that is supposed to list all enabled RT users.
When I run it, it finds 147 users and lists them in alphabetical
order. But approximately 5 users at the end of the alphabet ('Name'
starting with 'v', 'w', 'x', 'y', or 'z') are missing. For the life of
me I can't figure out why. Any ideas?

use strict;
use warnings;

use RT;
use RT::User;
use RT::Users;

BEGIN {
    RT->LoadConfig;
    RT->Init;
}

my $RT_enabled_users = RT::Users->new($RT::SystemUser);
$RT_enabled_users->LimitToEnabled;

my $loop_count = 0;
while (my $current_user = $RT_enabled_users->Next) {

   $loop_count += 1;

   my $uid = $current_user->Name;
   my $real_name = $current_user->RealName;
   my $rt_email = $current_user->EmailAddress;

   print "$loop_count: '$uid' -- $real_name -- $rt_email\n";

}

print "Loop count: $loop_count\n";

Thanks a lot,
Nathan


Re: [rt-users] Upgrading from 4.0.5 to 4.0.17

2013-09-02 Thread Thomas Misilo
Thanks Kevin, Everything seemed to have worked :)

-Original Message-
From: rt-users-boun...@lists.bestpractical.com 
[mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Kevin Falcone
Sent: Thursday, August 29, 2013 4:33 PM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Upgrading from 4.0.5 to 4.0.17

On Thu, Aug 29, 2013 at 05:46:16PM +, Thomas  Misilo wrote:
> I just want to verify the steps I would need to take in order to upgrade
> to the latest version of RT.
>
> Currently I have setup
>
> /opt/rt4.0.5
>
> /opt/rt4 `a symlink to 4.0.5
>
> /opt/rt-4.0.17
>
> I know I will need to copy the RT_SiteConfig.pm to the new version.
> Will I need to copy any files (other than my theme) over?

You should not copy any files other than the config or other local 
modifications.

There are database changes between those versions you will need to run.

You should be following any upgrading steps listed in the README and
UPGRADING-4.0 document.

http://bestpractical.com/docs/rt/latest/README.html
http://bestpractical.com/docs/rt/latest/UPGRADING-4.0.html#UPGRADING-FROM-4.0.5-AND-EARLIER

-kevin


[rt-users] RT 4.0.4 behind Apache Reverse Proxy with mod_auth_kerb

2013-09-02 Thread Oliver Weinmann
Hi all,

we have successfully set up RT 4.0.4 with ldap_import and mod_auth_kerb. Now we 
need to get the setup running through our reverse proxy.

What we have on our reverse proxy is this:

ProxyPass /rt/ http://hostname.local/rt/ max=100
ProxyPassReverse /rt/ http://hostname.local/rt/

RedirectMatch ^/$ /rt/

# Proxy all locations

AddDefaultCharset off
Order deny,allow
Deny from none




AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealms KRB5.LOCAL
Krb5KeyTab /etc/apache2/host.keytab
KrbMethodNegotiate on
KrbAuthoritative on
KrbMethodK5Passwd off
KrbSaveCredentials on
require valid-user

# SSO
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)$
RewriteRule . - [E=RU:%1]
RequestHeader set REMOTE_USER %{RU}e



Running tcpdump we can see that REMOTE_USER is set and sent to the host hosting 
RT. It looks like RT is not picking it up. As far as I understood, my 
user gets authenticated at the proxy and RT should trust these credentials and 
log in the user.
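
Added example, not part of the original post: a request header named REMOTE_USER reaches the backend application as the CGI variable HTTP_REMOTE_USER, not as REMOTE_USER, so one way to close the gap is to copy a proxy-set header into REMOTE_USER on the backend while accepting it only from the proxy. The header name X-Remote-User and the address 192.0.2.10 are assumptions, and the sketch assumes the backend is also Apache and that RT's external web authentication is already enabled.

```apache
# Added example. Assumptions: Apache 2.2-style access control (as in the
# post), a hypothetical header name X-Remote-User, and 192.0.2.10 as a
# placeholder for the reverse proxy's address.

# ---- Reverse proxy: inside the Kerberos-protected section for /rt/ ----
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)$
RewriteRule . - [E=RU:%1]
# Drop whatever the client sent, then forward only the authenticated name.
RequestHeader unset X-Remote-User
RequestHeader set X-Remote-User %{RU}e env=RU

# ---- Backend (the host running RT) ----
<Location /rt/>
    # Only the proxy may reach RT; a direct client could otherwise send
    # X-Remote-User itself and be logged in as any user.
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10

    # A request header arrives as HTTP_X_REMOTE_USER; copy it into the
    # REMOTE_USER variable that RT's external web authentication reads.
    SetEnvIf X-Remote-User "^(.+)$" REMOTE_USER=$1
</Location>
```

With mod_auth_kerb the forwarded name is normally the full principal (user@REALM), so it has to match the RT user name or be mapped to it.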


[rt-users] pbcat.something tables

2013-09-02 Thread Alex Decalli
Hi RT-players

Does anybody know what are these tables in RT database starting with pbcat,
like pbcatcol, pbcatedt and ...? Someone says:

"As far as I know, those are tables PB uses and are not to be directly
modified by a user. I'm in PB 9 but from the help using PBCatalogOwner DBParm
parameter:

"Specifies a nondefault owner for the extended attribute system tables.
These five tables contain default extended attribute information for your
database. "

When you set up attributes for your tables, that's when these tables are
populated."
I would like to know more about this. I am not very good in mysql and I need to
know how is the impact on these tables?

And by the way, what are "some-rt-table-FTSI"?? Does the database make them
automatically too??

Thanks...


Re: [rt-users] (RT::Authen::ExternalAuth) "email exists" problem authenticating trough AD

2013-09-02 Thread Maximilien Drouet
Hi,


After many searches, it works for some of my users and doesn't work for some
others.
Is it possible that parameter $RTAddressRegexp interferes with
RT::Authen::ExternalAuth
?

On Active directory side no error, only successes logs.

Do you know about any other debug options I could use ?




Thanks


On Wed, Aug 21, 2013 at 12:33 PM, Maximilien Drouet wrote:

> Hi Nathan,
>
> After many searches with your help and our AD Administrator we found that
> the account was not authorized.
>
> I was given another one and now, command line binds and authenticate well
> but no chance with RT. Here is the command line
>
> ldapsearch -LLL -H ldap://myserver.mydomain.local -x -D
> 'mydomain\ldapuser' -W -b ou=FR,dc=mydomain,dc=local uid=mysuer
>
> and the output.
>
>
> dn: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users &
> Clients,OU=mydomain,OU=FR,DC=mydomain,DC=local
>  v
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Firstname Lastname
> sn: Lastname
> c: FR
> l: city
> title: myTitle
> postalCode: Zipcode
> physicalDeliveryOfficeName: z - y - x
> telephoneNumber: myTelephonenumber
> givenName: FirstName
> distinguishedName: CN=Firstname Lastname,OU=z - y - x,OU=city,OU=Users &
> Clients,OU=mydomain,OU=FR,
>  DC=mydomain,DC=local
> instanceType: 4
> whenCreated: 20100701014148.0Z
> whenChanged: 20130821001737.0Z
> displayName: Firstname Lastname
> uSNCreated: 73679
> memberOf: CN=LL.microsoftproject,OU=SDG Groups,DC=mydomain,DC=local
> memberOf: CN=LL.Crystal.Reports.XI,OU=SDG Groups,DC=mydomain,DC=local
> memberOf: CN=LL.IE8,OU=SDG Groups,DC=mydomain,DC=local
> memberOf: CN=LL.itop,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
> memberOf: CN=LL.msvisio2003,OU=SDG Groups,DC=mydomain,DC=local
> memberOf: CN=LL.ClickToCall,OU=SDG Groups,DC=mydomain,DC=local
> memberOf:
> CN=mydomain.LL.dsi,OU=Groups,OU=mydomain,OU=FR,DC=mydomain,DC=local
> uSNChanged: 10019507
> co: FRANCE
> department: z - y - x
> streetAddress: myaddress
> name: Firstname Lastname
> objectGUID:: l8cI/GO3KEOyA0E8neccKA==
> userAccountControl: 544
> badPwdCount: 0
> codePage: 0
> countryCode: 250
> badPasswordTime: 130215493735596806
> lastLogoff: 0
> lastLogon: 130214762950697235
> pwdLastSet: 130214610102266437
> primaryGroupID: 513
> objectSid:: AQUAAAUVEQz3vwuoUpdtKTGZJPEAAA==
> accountExpires: 1302513840
> logonCount: 197
> sAMAccountName: mysuer
> sAMAccountType: 805306368
> userPrincipalName: mymail
> lockoutTime: 0
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=mydomain,DC=local
> dSCorePropagationData: 20130524093118.0Z
> dSCorePropagationData: 20130523093743.0Z
> dSCorePropagationData: 1601010101.0Z
> lastLogonTimestamp: 130214610103032919
> uid: mysuer
> mail: mymail
>
>
>
> I'm quite confused with the RT configuration file and its options, even
> looking at the documentation I'm a little bit lost, maybe the problem is
> there.
>
> Here is the RT_Config extract
>
> # External Authentication Configuration
> Set($ExternalAuthPriority,  [ 'My_LDAP']);
> Set($ExternalInfoPriority,  [ 'My_LDAP']);
> Set($ExternalSettings, {
>
>     # AN EXAMPLE LDAP SERVICE
>     'My_LDAP'   =>  {
>         'type'              =>  'ldap',
>         'server'            =>  'myserver.mydomain.local',
>         'user'              =>  'ldapaccount',
>         'pass'              =>  'ldapaccountpassword',
>         'base'              =>  'ou=FR,dc=mydomain,dc=local',
>         'filter'            =>  '(&(ObjectCategory=User)(ObjectClass=Person))',
>
>         'd_filter'          =>  '(userAccountControl:1.2.840.113556.1.4.803:=2)',
>         'group'             =>  'OU=Users & Clients,OU=MYDOMAIN,OU=FR,DC=mydomain,DC=local',
>         'group_attr'        =>  'member',
>         'tls'               =>  0,
>         'ssl_version'       =>  3,
>
>         'net_ldap_args'     => [version =>  3   ],
>         'group_scope'       =>  'base',
>         'group_attr_value'  =>  '*',
>         'attr_match_list'   => ['Name'],
>         'attr_map'          => {
>             'Name' => 'sAMAccountName',
>             'EmailAddress' => 'mail',
>             'Organization' => 'physicalDeliveryOfficeName',
>             'RealName' => 'cn',
>             'ExternalAuthId' => 'sAMAccountName',
>             'Gecos' => 'sAMAccountName',
>             'WorkPhone' => 'telephoneNumber',
>             'Address1' => 'streetAddress',
>             'City' => 'l',
>             'State' => 'st',
>             'Zip' => 'postalCode',
>             'Country' => 'co'
>         },
>     },
> } );
>
>
> Any other Idea ?
>
>
> --
> Regards
>
> Maximilien
>
>
>
>
>


-- 
Regards


Maximilien